Trusted Shared Authentication
Jason Tang
dragor at jml.net
Wed Jul 30 16:00:08 BST 2008
On Wed Jul 30, 2008 at 03:33:44PM +0100, Amit Muthu wrote:
> >
> If you end up going with the click through URLs you probably want them
> to be unpredictable AND (in order of preference):
>
> * single use
>
> or:
>
> * usable for n minutes
>
> or at the very least:
>
> * valid only while the credentials used to do the original
> authentication remain valid (changing your password should invalidate
> any previously generated links relating to your account)
That's a good point! Thanks
Jason
--
Jason Tang - email: jason at dragor.net - msn: jason-msn at dragor.net
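
The properties listed in the quoted message (unpredictable, single use, time limited, tied to the current credentials) can be combined in one token store. This is an added example, not code from the thread; the class name `LinkTokens`, the 10-minute lifetime, the in-memory dict and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class LinkTokens:
    """Hypothetical in-memory store; a real service would use a shared database."""

    def __init__(self, ttl_seconds=600):  # assumed lifetime: n = 10 minutes
        self.ttl = ttl_seconds
        self._pending = {}  # sha256(token) -> (user, expires_at, credential fingerprint)

    @staticmethod
    def _digest(text):
        return hashlib.sha256(text.encode()).hexdigest()

    def issue(self, user, password_hash, now=None):
        """Return an unpredictable token to embed in the click-through URL."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Store only a hash of the token, so a leaked table yields no usable links.
        self._pending[self._digest(token)] = (
            user, now + self.ttl, self._digest(password_hash))
        return token

    def redeem(self, token, lookup_password_hash, now=None):
        """Return the user name if the link is still valid, otherwise None."""
        now = time.time() if now is None else now
        # pop() makes the token single use: it is gone whether or not it validates.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user, expires_at, fingerprint = record
        stored = lookup_password_hash(user)  # None if the account no longer exists
        if stored is None or now > expires_at:
            return None
        # A password change alters the stored hash, so old links stop matching.
        return user if hmac.compare_digest(fingerprint, self._digest(stored)) else None


if __name__ == "__main__":
    accounts = {"alice": "constructed-hash-v1"}  # constructed sample data
    store = LinkTokens()
    link = store.issue("alice", accounts["alice"])
    print(store.redeem(link, accounts.get))  # first click succeeds
    print(store.redeem(link, accounts.get))  # replay is rejected
```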